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ArtUnrt: 2162 

DETAILED ACTION 

1 . This action is issued in response to applicant filed application on 12/15/2003. 

2. Claims 1-23 are pending. 

3. The infonmation disclosure statement (IDS) submitted on 1 2/1 5/2003. The 
submission is in compliance with the provisions of 37 CFR 1.97. Accordingly, the 
information disclosure statement Is being considered by the examiner. 



Claim Rejections - 35 USC § 102 

4. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that 
form the basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(b) the Invention was patented or described in a printed publication in this or a foreign country or in public 
use or on sale in this country, more than one year prior to the date of application for patent in the United 
States. 

5. Claims 1 - 23 are rejected under 35 U.S.C. 102(b) as being an anticipated by 
Win et al. (Win hereinafter) (US Patent No. 6,182,142 B1, issued: January 30, 2001). 

Regarding Claims 1, and 10, Win discloses an article comprising a machine- 
readable medium storing instructions operable to cause one or more machines to 
perform operations comprising: 
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analyzing database access statements issued for an application in use (Col.2, 
lines 28-33, Win^); 

determining accessed items and types of access for the application based on the 
issued database access statements for the application (Col.2, lines 31 - 34, Win^); and 

developing a role associated with the application based on the determined 
accessed items and types of access (Col.2, lines 35 - 38, Win^), wherein the role may 
be used to allow a user database access when associated the application (Col. 2, lines 
39-40 and 47-49, Win). 

Regarding Claims 2, and 1 1, Win discloses a article, wherein analyzing the 
issued database access statements comprises: 

determining whether the database access statements have been captured 
(Figure 5B, item 516, Col. 10, lines 29 - 34, Win"^); 

normalizing the database access statements (Col. 14, lines 15-17, Win); and 

eliminating redundancies in the database access statements (Col. 14, lines 15 - 
19, Win). 



^ Wherein examiner interprets the step of controlling access, particularly by receiving access infornnation 
and identifying resources authorized (as disclosed by Win) as the step of analyzing the database access 
statements as claimed. 

^ Wherein the resources correspond to the accessed items claimed; and the roles correspond to the type 
of access claimed. 

^ Wherein the step of defining the roles corresponds to the step of developing a role claimed. 
^ Wherein the step of recording a login attempt corresponds to the step of determining whether the 
database access statements have been captured as claimed. Specifically, the user's name and password 
correspond to the access statements claimed. 
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Regarding Claim 3, Win discloses a method wherein the database access 
statements comprise Structured Query Language (SQL) queries (Col. 7, lines 9-11, 
Win). 

Regarding Claims 4, and 12, Win discloses an article wherein the determined 
accessed items and types of access include objects accessed (Col. 2, lines 31 - 33, the 
resources, Win) and operations performed on the objects (Col. 2, lines 39-40, to use 
the resources, Win). 

Regarding Claims 5, and 13, Win discloses an article wherein developing a role 
comprises determining permissions for the application based on the detemnined 
accessed items and types of access (Col. 3, lines 34 - 37, Win). 

Regarding Claims 6, and 14, Win discloses an article wherein the instructions are 
further operable to cause one or more machines to perform operations comprising 
determining which of a set of users are authorized to use the application (Col. 3, lines 
13-14, Win). 

Regarding Claims 7, and 15, Win discloses an article wherein the instructions are 
further operable to cause one or more machines to perform operations comprising: 

determining whether a user request to establish an application session has been 
detected (Figure 5B, item 516, Col. 10, lines 29 - 34, a login attempt. Win); 
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finding the role associated with the application (Figure 5C, item 520 and 522, 
Col. 10, lines 57 - 63, Win); and 

assigning the role to a user (Col. 13, lines 32 - 34, Win). 

Regarding Claims 8, and 16, Win discloses an article wherein detecting a user 
request to establish an application session comprises determining if a user is authorized 
to use the application (Col. 1 3, lines 34 - 36, Win). 

Regarding Claims 9, and 17, Win discloses an article wherein the instructions are 
further operable to cause one or more machines to perform operations comprising: 

detecting an end of the application session (Col.9 and 10, lines 45 - 47 and 39 - 
42; respectively. Win); and 

if an end of the application session is detected (Col. 10, lines 39-42, Win), 
disabling the assigned role for the user (Col. 10, lines 42 - 45, Win). 

Regarding Claim 18, Win discloses a database security analyzer comprising: 
a communication Interface operable to receive database access statements 

issued for an application in use (Figure 9, item 918, Communication Interface, Col. 27, 

lines 17 -31, Win); 

a memory operable to store the issued database access statements (Figure 9, 
item 906, Main Memory, Col. 26, lines 8-15, Win); and 
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a processor (Figure 9, item 904, processor, Col. 26, lines 36 - 42, Win) operable 
to develop a role associated with the application based on the issued database access 
statements for the application (Col. 2, lines 35 - 38, Win^), wherein the role may be 
used to allow a user database access when using the application (Col. 2, lines 39 - 40 
and 47-49. Win). 

Regarding Claim 19, Win discloses an analyzer wherein developing a role 
comprises: 

detennining accessed items and types of access for an application based on the 
issued database access statements for the application (Col. 2, lines 31 - 34, Win®); 

determining pemnissions for the application based on the detenmined accessed 
items and types of access (Col. 3, lines 34 - 37, Win); and 

developing a role associated with the application based on the determined 
permissions (Col. 2, lines 35 - 38, Win^). 

Regarding Claim 20, Win discloses an analyzer wherein the determined 
accessed items and types of access include objects accessed (Col. 2, lines 31 - 33, the 
resources. Win) and operations performed on the objects (Col. 2, lines 39 - 40, to use 
the resources, Win). 



^ Wherein the step of defining the roles corresponds to the step of developing a role claimed. 

^ Wherein the resources correspond to the accessed items claimed; and the roles correspond to the type 

of access claimed. 

^ Wherein the step of defining the roles corresponds to the step of developing a role claimed. 
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Regarding Claim 21, Win discloses an analyzer wherein developing a role 
comprises: 

detennining whether issued database access statements have been captured 

(Figure 5B, item 516, Col. 10, lines 29 - 34, Win^); 

normalizing the database access statements (Col. 14, lines 15-17, Win); and 
eliminating redundancies in the database access statements (Col. 14, lines 15 - 

19, Win). 

Regarding Claim 22, Win discloses an analyzer wherein the memory comprises 
instructions (Figure 9, item 906, Col. 26, lines 8-12, Win), and the processor operates 
according to the instructions (Figure 9, item 904, Col. 26, lines 36 - 38, Win). 

Regarding Claims 23, Win discloses a method comprising: 

capturing the database access statements issued for one or more applications in 
use (Figure 5B, item 516, Col. 10, lines 29 - 34, Win), wherein the database access 
statements comprise Structured Query Language (SQL) queries (Col. 7, lines 9-11, 
Win); 

normalizing the issued database access statements (Col. 14, lines 15-17, Win); 
eliminating redundancies in the normalized database access statements (Col. 14, 
lines 15- 19, Win); 



Wherein the step of recording a login attempt corresponds to the step of determining whether the 
database access statements have been captured as claimed. Specifically, the user's name and password 
correspond to the access statements claimed. 
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determining accessed items and types of access for an application based on tlie 
Issued database access statements for the application (Col. 2, lines 31 - 34, Win^), 
wherein the determined accessed Items and types of access include objects accessed 
(Col. 2, lines 31 - 33, the resources. Win) and operations performed on the objects 
(Col. 2, lines 39 - 40, to use the resources, Win); 

detemiining permissions for the application based on the accessed items and 
types of access (Col. 3, lines 34 - 37, Win); 

developing a role associated with the application based on the developed 
permissions (Col. 2, lines 35 - 38, Wjn^°); 

determining which of a set of users are authorized to use the application (Col. 3, 
lines 13 -14. Win); 

detecting a user request to establish a session of the application (Figure 5B, item 
516, Col. 10, lines 29 - 34. a login attempt. Win); 

determining if the user is authorized to use the application (Col. 13, lines 34 - 36, 

Win); 

if the user is authorized to use the application, finding the role associated with the 
application (Figure 5C, Item 520 and 522. Col. 10, lines 57 - 63, Win); 

assigning the role to the user (Col. 13, lines 32 - 34, Win); 

detecting an end of the application session (Col. 9 and 10, lines 45-47 and 39 - 
42; respectively. Win); and 



° Wherein the resources correspond to the accessed items claimed; and the roles correspond to the type 
of access claimed. 

^° Wherein the step of defining the roles corresponds to the step of developing a role claimed. 
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if an end of tiie application session is detected (Col. 10, lines 39 - 42, Win), 
disabling the assigned role for the user (Col. 10, lines 42 - 45, Win). 
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Prior Art Made Of R cord 

1 . Win et al. (US Patent No. 6,182,142 B1, issued: January 30, 2001) disclose a 
distributed access management of information resources. 

2. Menninger (US Patent App. Pub. No. 2003/006981 8 Al ) discloses a system, 
method, and computer program product for creating contracts using a graphical user 
interface in a supply chain management framework. 

3. Gold et al. (US Patent App. Pub. No. 2005/0102358 Al) discloses a web page 
monitoring and collaboration system. 
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